def render_link(text, url, target="main", onclick=None):
# Convert relative links into absolute links. We have three kinds
# of possible links and we change only [3]
# [1] protocol://hostname/url/link.py
# [2] /absolute/link.py
# [3] relative.py
if not (":" in url[:10]
) and not url.startswith("javascript") and url[0] != '/':
url = config.url_prefix() + "check_mk/" + url
return html.render_a(text,
href=url,
class_="link",
target=target or '',
onfocus="if (this.blur) this.blur();",
onclick=onclick or None)
def _handle_not_authenticated():
if _fail_silently():
# While api call don't show the login dialog
raise MKUnauthenticatedException(_('You are not authenticated.'))
# Redirect to the login-dialog with the current url as original target
# Never render the login form directly when accessing urls like "index.py"
# or "dashboard.py". This results in strange problems.
if html.myfile != 'login':
raise HTTPRedirect(
'%scheck_mk/login.py?_origtarget=%s' %
(config.url_prefix(), html.urlencode(html.makeuri([]))))
# This either displays the login page or validates the information submitted
# to the login form. After successful login a http redirect to the originally
# requested page is performed.
login_page = login.LoginPage()
login_page.set_no_html_output(_plain_error())
login_page.handle_page()
def _do_login(self) -> None:
"""handle the sent login form"""
if not html.request.var('_login'):
return
try:
username_var = html.request.get_unicode_input('_username', '')
assert username_var is not None
username = UserId(username_var.rstrip())
if not username:
raise MKUserError('_username', _('No username given.'))
password = html.request.var('_password', '')
if not password:
raise MKUserError('_password', _('No password given.'))
default_origtarget = config.url_prefix() + "check_mk/"
origtarget = html.get_url_input("_origtarget", default_origtarget)
# Disallow redirections to:
# - logout.py: Happens after login
# - side.py: Happens when invalid login is detected during sidebar refresh
if "logout.py" in origtarget or 'side.py' in origtarget:
origtarget = default_origtarget
# '<user_id>' -> success
# False -> failed
result = userdb.hook_login(username, password)
if result:
assert isinstance(result, str)
# use the username provided by the successful login function, this function
# might have transformed the username provided by the user. e.g. switched
# from mixed case to lower case.
username = result
# When single user session mode is enabled, check that there is not another
# active session
userdb.ensure_user_can_init_session(username)
# reset failed login counts
userdb.on_succeeded_login(username)
# The login succeeded! Now:
# a) Set the auth cookie
# b) Unset the login vars in further processing
# c) Redirect to really requested page
_create_auth_session(username)
# Never use inplace redirect handling anymore as used in the past. This results
# in some unexpected situations. We simpy use 302 redirects now. So we have a
# clear situation.
# userdb.need_to_change_pw returns either False or the reason description why the
# password needs to be changed
change_pw_result = userdb.need_to_change_pw(username)
if change_pw_result:
raise HTTPRedirect(
'user_change_pw.py?_origtarget=%s&reason=%s' %
(html.urlencode(origtarget), change_pw_result))
raise HTTPRedirect(origtarget)
userdb.on_failed_login(username)
raise MKUserError(None, _('Invalid credentials.'))
except MKUserError as e:
html.add_user_error(e.varname, e)
